SWI-3723 [Snyk] Security upgrade @bandwidth/messaging from 2.0.2 to 4.1.7 #79

Open
bwappsec wants to merge 1 commit into main from snyk-fix-f5cc4d6182bfe02dbf10cbd6bac7658f

@bwappsec

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue | Score
high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-AJV-15274295) | 157
medium severity: Allocation of Resources Without Limits or Throttling (SNYK-JS-QS-15268416) | 62

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

@bwappsec
Author

Merge Risk: High

This is a major version upgrade that migrates the SDK to the Bandwidth Universal Platform API (v2), introducing significant breaking changes that require code modifications.

Key Breaking Changes:

  • API Endpoints: The SDK now targets the v2 API. This includes changes to the base URL and the renaming of several API endpoints. For example, methods related to /api/v1/addresses are now likely targeting /api/v2/e911Addresses. [1]
  • Phone Number Format: All phone numbers are now required to be in E.164 format (e.g., +15551234567). Applications not using this format will fail. [1]
  • Authentication: The v2 API uses Bearer Token authentication, which may require changes to how credentials are configured and managed in the SDK. [1]

Recommendation: This upgrade requires a thorough review of the integration. Developers must update endpoint logic, ensure all phone numbers are passed in E.164 format, and verify authentication methods to align with the new v2 API requirements. Due to the scale of these changes, this should be handled as a significant migration effort.

Source: Bandwidth API Breaking Changes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@bwappsec
Author

bwappsec commented Feb 14, 2026

Snyk checks have failed. 1 issues have been found so far.

Scanner | Critical | High | Medium | Low | Total (1)
Open Source Security | 0 | 1 | 0 | 0 | 1 issues
Licenses | 0 | 0 | 0 | 0 | 0 issues
Code Security | 0 | 0 | 0 | 0 | 0 issues

@bwappsec changed the title from "[Snyk] Security upgrade @bandwidth/messaging from 2.0.2 to 4.1.7" to "SWI-3723 [Snyk] Security upgrade @bandwidth/messaging from 2.0.2 to 4.1.7" on Feb 14, 2026